Description
Smoothwall Express versions prior to 3.1 Update 13 contain a reflected cross-site scripting vulnerability in the /redirect.cgi endpoint due to improper sanitation of the url parameter. Attackers can craft malicious URLs with javascript: schemes that execute arbitrary JavaScript in victims' browsers when clicked through the unsanitized link.
Published: 2026-03-30
Score: 5.1 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Cross-site scripting via unsanitized url parameter in /redirect.cgi
Action: Patch
AI Analysis

Impact

Smoothwall Express versions before 3.1 Update 13 suffer from a reflected cross-site scripting flaw in the /redirect.cgi endpoint, where the url parameter is not properly sanitized. An attacker can place a javascript: URL in that parameter; when a user clicks the resulting link, arbitrary JavaScript executes in the victim's browser, potentially compromising the user's session and confidential data. The weakness is classified as CWE-79.

Affected Systems

All Smoothwall Express deployments running a version before the 3.1 Update 13 release are vulnerable, including Updates 1 through 12 of the 3.1 release line. 3.1 Update 13, later updates, and subsequent major releases are not affected.

Risk and Exploitability

The CVSS score of 5.1 indicates medium severity. The EPSS score of less than 1% suggests that the probability of exploitation on any given day is low, and the vulnerability is not listed in CISA's Known Exploited Vulnerabilities catalog. Crafting a malicious link requires no authentication, but exploitation requires user interaction: the victim must click the crafted URL, so the attack plays out in the victim's browser.

Generated by OpenCVE AI on April 14, 2026 at 17:27 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Smoothwall Express to 3.1 Update 13 or later to remove the unsanitized url handling in redirect.cgi
  • Verify that the redirect.cgi endpoint no longer accepts javascript: schemes in its url parameter
  • If the redirect functionality is not required, consider disabling the /redirect.cgi endpoint to reduce attack surface
  • Monitor for unexpected or malicious link usage and apply additional filtering or logging as a temporary safeguard
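The check behind the second recommendation above, as an added example that is not Smoothwall's code: a redirect-target validator that first applies the pre-parsing cleanup browsers perform on an href (tab/newline removal, leading control-character stripping) and then accepts only http/https URLs or same-site absolute paths, so a javascript: target is refused regardless of case or embedded whitespace. The allowlist policy, the hostnames and the test inputs are constructed assumptions.

```python
from __future__ import annotations
from urllib.parse import urlsplit

# Assumed policy for a hardened redirect endpoint: only web schemes, or a
# same-site absolute path. javascript:, data:, vbscript: etc. are refused.
ALLOWED_SCHEMES = {"http", "https"}

# Browsers drop ASCII tab/newline anywhere in a URL and strip leading/trailing
# C0 controls and spaces before parsing the scheme (WHATWG URL parsing), so the
# check must do the same or "java\tscript:" slips past a naive prefix test.
_TAB_NEWLINE = {ord(c): None for c in "\t\n\r"}
_C0_AND_SPACE = "".join(chr(i) for i in range(0x21))

def normalize_target(raw: str) -> str:
    """Apply the same pre-parsing cleanup a browser applies to an href."""
    return raw.translate(_TAB_NEWLINE).strip(_C0_AND_SPACE)

def is_safe_redirect(raw: str, allowed_hosts: set[str] | None = None) -> bool:
    """True only if `raw` may be followed; allowed_hosts optionally restricts absolute URLs."""
    target = normalize_target(raw)
    if not target:
        return False
    parts = urlsplit(target)  # urlsplit lowercases the scheme for us
    if parts.scheme == "":
        # No scheme: accept only a local absolute path. Scheme-relative forms
        # ("//host" and "/\\host", which browsers treat alike) leave the site.
        return target.startswith("/") and not target.startswith(("//", "/\\"))
    if parts.scheme not in ALLOWED_SCHEMES:
        return False
    if allowed_hosts is not None:
        return (parts.hostname or "").lower() in allowed_hosts
    return True

# Constructed inputs with the expected verdict; hostnames are placeholders.
CONSTRUCTED_CASES = {
    "http://smoothwall.example/admin/index.cgi": True,
    "/admin/index.cgi": True,
    "javascript:alert(1)": False,
    "JaVaScRiPt:alert(1)": False,
    "java\tscript:alert(1)": False,
    "  javascript:alert(1)": False,
    "data:text/html,x": False,
    "//evil.example/": False,
    "http://evil.example/": False,
}

def check_cases(allowed_hosts: set[str] | None = None) -> dict[str, bool]:
    # Run every constructed case; the result should equal CONSTRUCTED_CASES.
    hosts = {"smoothwall.example"} if allowed_hosts is None else allowed_hosts
    return {raw: is_safe_redirect(raw, hosts) for raw in CONSTRUCTED_CASES}
```

Validating the parameter server-side does not replace output encoding of whatever the page echoes; it only removes the javascript: scheme as a redirect target.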



Advisories

No advisories yet.

History

Tue, 14 Apr 2026 16:45:00 +0000

Type                | Values Removed | Values Added
First Time appeared |                | Smoothwall smoothwall Express
CPEs                |                | cpe:2.3:o:smoothwall:smoothwall_express:*:*:*:*:*:*:*:*
                    |                | cpe:2.3:o:smoothwall:smoothwall_express:3.1:update10:*:*:-:*:*:*
                    |                | cpe:2.3:o:smoothwall:smoothwall_express:3.1:update11:*:*:-:*:*:*
                    |                | cpe:2.3:o:smoothwall:smoothwall_express:3.1:update12:*:*:-:*:*:*
                    |                | cpe:2.3:o:smoothwall:smoothwall_express:3.1:update1:*:*:-:*:*:*
                    |                | cpe:2.3:o:smoothwall:smoothwall_express:3.1:update2:*:*:-:*:*:*
                    |                | cpe:2.3:o:smoothwall:smoothwall_express:3.1:update3:*:*:-:*:*:*
                    |                | cpe:2.3:o:smoothwall:smoothwall_express:3.1:update4:*:*:-:*:*:*
                    |                | cpe:2.3:o:smoothwall:smoothwall_express:3.1:update5:*:*:-:*:*:*
                    |                | cpe:2.3:o:smoothwall:smoothwall_express:3.1:update6:*:*:-:*:*:*
                    |                | cpe:2.3:o:smoothwall:smoothwall_express:3.1:update7:*:*:-:*:*:*
                    |                | cpe:2.3:o:smoothwall:smoothwall_express:3.1:update8:*:*:-:*:*:*
                    |                | cpe:2.3:o:smoothwall:smoothwall_express:3.1:update9:*:*:-:*:*:*
Vendors & Products  |                | Smoothwall smoothwall Express

Wed, 01 Apr 2026 02:15:00 +0000

Type                | Values Removed | Values Added
First Time appeared |                | Smoothwall
                    |                | Smoothwall express
Vendors & Products  |                | Smoothwall
                    |                | Smoothwall express

Tue, 31 Mar 2026 19:15:00 +0000

Type    | Values Removed | Values Added
Metrics |                | ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 30 Mar 2026 17:00:00 +0000

Type        | Values Removed | Values Added
Description |                | Smoothwall Express versions prior to 3.1 Update 13 contain a reflected cross-site scripting vulnerability in the /redirect.cgi endpoint due to improper sanitation of the url parameter. Attackers can craft malicious URLs with javascript: schemes that execute arbitrary JavaScript in victims' browsers when clicked through the unsanitized link.
Title       |                | Smoothwall Express < 3.1 Update 13 Reflected XSS in redirect.cgi via url Parameter
Weaknesses  |                | CWE-79
References  |                |
Metrics     |                | cvssV3_1 {'score': 5.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N'}
            |                | cvssV4_0 {'score': 5.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N'}

Subscriptions

Smoothwall Express

MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-03-31T18:05:32.880Z

Reserved: 2026-02-19T19:51:07.327Z

Link: CVE-2026-27508

Vulnrichment

Updated: 2026-03-31T17:51:54.480Z

NVD

Status: Analyzed

Published: 2026-03-30T17:16:15.440

Modified: 2026-04-14T16:32:57.800

Link: CVE-2026-27508

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-15T16:45:09Z

Weaknesses